A stack (frame) overflow flaw, leading to denial of service (application crash), was found in the way getaddrinfo() routine (returning a list of address structures for particular request) of glibc, the collection of GNU libc libraries, processed certain requests. If an application linked against glibc accepted untrusted getaddrinfo() input remotely, a remote attacker could issue a specially-crafted request, which once processed would lead to that application crash. References: [1] https://bugzilla.novell.com/show_bug.cgi?id=813121 [2] http://www.openwall.com/lists/oss-security/2013/04/03/2 Proposed Novell patch: [3] http://bugzillafiles.novell.org/attachment.cgi?id=533210
Created attachment 731167 [details] Local copy of proposed patch by Novell
This issue affects the versions of the glibc package, as shipped with Red Hat Enterprise Linux 5 and 6. -- This issue affects the versions of the glibc package, as shipped with Fedora release of 17 and 18. Please schedule an update.
Created glibc tracking bugs for this issue Affects: fedora-all [bug 947892]
We are aware of this issue and we are looking at it in upstream [1]. The application stack overflow results in a crash but requires poisoning DNS. We will wait for a more thorough upstream review and test before fixing this in all of Fedora. Given the low priority we will fix this as required in RHEL. If anyone has an objection to this plan of action please speak up with comments about why this should be higher than low priority and low severity. [1] http://sourceware.org/ml/libc-alpha/2013-04/msg00060.html
The CVE identifier of CVE-2013-1914 has been assigned to this issue: http://www.openwall.com/lists/oss-security/2013/04/03/6
Upstream bug report: http://sourceware.org/bugzilla/show_bug.cgi?id=15330 Relevant upstream patch: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1cef1b19089528db11f221e938f60b9b048945d7
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:0769 https://rhn.redhat.com/errata/RHSA-2013-0769.html
glibc-2.17-13.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:1605 https://rhn.redhat.com/errata/RHSA-2013-1605.html
IssueDescription: It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash.